Cloud KMS V1 Client - Class EkmServiceClient (2.1.2)

Reference documentation and code samples for the Cloud KMS V1 Client class EkmServiceClient.

Service Description: Google Cloud Key Management EKM Service

Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:

This class provides the ability to make remote calls to the backing service through method calls that map to API methods.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Namespace

Google \ Cloud \ Kms \ V1 \ Client

Methods

__construct

Constructor.

Parameters
Name Description
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

createEkmConnection

Creates a new EkmConnection in a given Project and Location.

The async variant is EkmServiceClient::createEkmConnectionAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\CreateEkmConnectionRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\EkmConnection
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\CreateEkmConnectionRequest;
use Google\Cloud\Kms\V1\EkmConnection;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see EkmServiceClient::locationName()} for help formatting this field.
 * @param string $ekmConnectionId It must be unique within a location and match the regular
 *                                expression `[a-zA-Z0-9_-]{1,63}`.
 */
function create_ekm_connection_sample(string $formattedParent, string $ekmConnectionId): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $ekmConnection = new EkmConnection();
    $request = (new CreateEkmConnectionRequest())
        ->setParent($formattedParent)
        ->setEkmConnectionId($ekmConnectionId)
        ->setEkmConnection($ekmConnection);

    // Call the API and handle any network failures.
    try {
        /** @var EkmConnection $response */
        $response = $ekmServiceClient->createEkmConnection($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = EkmServiceClient::locationName('[PROJECT]', '[LOCATION]');
    $ekmConnectionId = '[EKM_CONNECTION_ID]';

    create_ekm_connection_sample($formattedParent, $ekmConnectionId);
}

getEkmConfig

Returns the EkmConfig singleton resource for a given project and location.

The async variant is EkmServiceClient::getEkmConfigAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\GetEkmConfigRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\EkmConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\EkmConfig;
use Google\Cloud\Kms\V1\GetEkmConfigRequest;

/**
 * @param string $formattedName The [name][google.cloud.kms.v1.EkmConfig.name] of the
 *                              [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. Please see
 *                              {@see EkmServiceClient::ekmConfigName()} for help formatting this field.
 */
function get_ekm_config_sample(string $formattedName): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = (new GetEkmConfigRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var EkmConfig $response */
        $response = $ekmServiceClient->getEkmConfig($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = EkmServiceClient::ekmConfigName('[PROJECT]', '[LOCATION]');

    get_ekm_config_sample($formattedName);
}

getEkmConnection

Returns metadata for a given EkmConnection.

The async variant is EkmServiceClient::getEkmConnectionAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\GetEkmConnectionRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\EkmConnection
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\EkmConnection;
use Google\Cloud\Kms\V1\GetEkmConnectionRequest;

/**
 * @param string $formattedName The [name][google.cloud.kms.v1.EkmConnection.name] of the
 *                              [EkmConnection][google.cloud.kms.v1.EkmConnection] to get. Please see
 *                              {@see EkmServiceClient::ekmConnectionName()} for help formatting this field.
 */
function get_ekm_connection_sample(string $formattedName): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = (new GetEkmConnectionRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var EkmConnection $response */
        $response = $ekmServiceClient->getEkmConnection($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = EkmServiceClient::ekmConnectionName('[PROJECT]', '[LOCATION]', '[EKM_CONNECTION]');

    get_ekm_connection_sample($formattedName);
}

listEkmConnections

Parameters
Name Description
request Google\Cloud\Kms\V1\ListEkmConnectionsRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\EkmConnection;
use Google\Cloud\Kms\V1\ListEkmConnectionsRequest;

/**
 * @param string $formattedParent The resource name of the location associated with the
 *                                [EkmConnections][google.cloud.kms.v1.EkmConnection] to list, in the format
 *                                `projects/*/locations/*`. Please see
 *                                {@see EkmServiceClient::locationName()} for help formatting this field.
 */
function list_ekm_connections_sample(string $formattedParent): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = (new ListEkmConnectionsRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $ekmServiceClient->listEkmConnections($request);

        /** @var EkmConnection $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = EkmServiceClient::locationName('[PROJECT]', '[LOCATION]');

    list_ekm_connections_sample($formattedParent);
}

updateEkmConfig

Updates the EkmConfig singleton resource for a given project and location.

The async variant is EkmServiceClient::updateEkmConfigAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\UpdateEkmConfigRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\EkmConfig
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\EkmConfig;
use Google\Cloud\Kms\V1\UpdateEkmConfigRequest;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_ekm_config_sample(): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $ekmConfig = new EkmConfig();
    $updateMask = new FieldMask();
    $request = (new UpdateEkmConfigRequest())
        ->setEkmConfig($ekmConfig)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var EkmConfig $response */
        $response = $ekmServiceClient->updateEkmConfig($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateEkmConnection

Updates an EkmConnection's metadata.

The async variant is EkmServiceClient::updateEkmConnectionAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\UpdateEkmConnectionRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\EkmConnection
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\EkmConnection;
use Google\Cloud\Kms\V1\UpdateEkmConnectionRequest;
use Google\Protobuf\FieldMask;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_ekm_connection_sample(): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $ekmConnection = new EkmConnection();
    $updateMask = new FieldMask();
    $request = (new UpdateEkmConnectionRequest())
        ->setEkmConnection($ekmConnection)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var EkmConnection $response */
        $response = $ekmServiceClient->updateEkmConnection($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

verifyConnectivity

Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection.

If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors.

The async variant is EkmServiceClient::verifyConnectivityAsync() .

Parameters
Name Description
request Google\Cloud\Kms\V1\VerifyConnectivityRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Kms\V1\VerifyConnectivityResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Kms\V1\VerifyConnectivityRequest;
use Google\Cloud\Kms\V1\VerifyConnectivityResponse;

/**
 * @param string $formattedName The [name][google.cloud.kms.v1.EkmConnection.name] of the
 *                              [EkmConnection][google.cloud.kms.v1.EkmConnection] to verify. Please see
 *                              {@see EkmServiceClient::ekmConnectionName()} for help formatting this field.
 */
function verify_connectivity_sample(string $formattedName): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = (new VerifyConnectivityRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var VerifyConnectivityResponse $response */
        $response = $ekmServiceClient->verifyConnectivity($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = EkmServiceClient::ekmConnectionName('[PROJECT]', '[LOCATION]', '[EKM_CONNECTION]');

    verify_connectivity_sample($formattedName);
}

getLocation

Gets information about a location.

The async variant is EkmServiceClient::getLocationAsync() .

Parameters
Name Description
request Google\Cloud\Location\GetLocationRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Location\Location
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Location\GetLocationRequest;
use Google\Cloud\Location\Location;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function get_location_sample(): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = new GetLocationRequest();

    // Call the API and handle any network failures.
    try {
        /** @var Location $response */
        $response = $ekmServiceClient->getLocation($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

listLocations

Lists information about the supported locations for this service.

The async variant is EkmServiceClient::listLocationsAsync() .

Parameters
Name Description
request Google\Cloud\Location\ListLocationsRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;
use Google\Cloud\Location\ListLocationsRequest;
use Google\Cloud\Location\Location;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function list_locations_sample(): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = new ListLocationsRequest();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $ekmServiceClient->listLocations($request);

        /** @var Location $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

getIamPolicy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

The async variant is EkmServiceClient::getIamPolicyAsync() .

Parameters
Name Description
request Google\Cloud\Iam\V1\GetIamPolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\GetIamPolicyRequest;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being requested.
 *                         See the operation documentation for the appropriate value for this field.
 */
function get_iam_policy_sample(string $resource): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $request = (new GetIamPolicyRequest())
        ->setResource($resource);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $ekmServiceClient->getIamPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    get_iam_policy_sample($resource);
}

setIamPolicy

Sets the access control policy on the specified resource. Replaces any existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.

The async variant is EkmServiceClient::setIamPolicyAsync() .

Parameters
Name Description
request Google\Cloud\Iam\V1\SetIamPolicyRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Iam\V1\SetIamPolicyRequest;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being specified.
 *                         See the operation documentation for the appropriate value for this field.
 */
function set_iam_policy_sample(string $resource): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $policy = new Policy();
    $request = (new SetIamPolicyRequest())
        ->setResource($resource)
        ->setPolicy($policy);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $ekmServiceClient->setIamPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    set_iam_policy_sample($resource);
}

testIamPermissions

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

The async variant is EkmServiceClient::testIamPermissionsAsync() .

Parameters
Name Description
request Google\Cloud\Iam\V1\TestIamPermissionsRequest

A request to house fields associated with the call.

callOptions array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type Description
Google\Cloud\Iam\V1\TestIamPermissionsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsRequest;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Cloud\Kms\V1\Client\EkmServiceClient;

/**
 * @param string $resource           REQUIRED: The resource for which the policy detail is being requested.
 *                                   See the operation documentation for the appropriate value for this field.
 * @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
 *                                   wildcards (such as '*' or 'storage.*') are not allowed. For more
 *                                   information see
 *                                   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
 */
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
    // Create a client.
    $ekmServiceClient = new EkmServiceClient();

    // Prepare the request message.
    $permissions = [$permissionsElement,];
    $request = (new TestIamPermissionsRequest())
        ->setResource($resource)
        ->setPermissions($permissions);

    // Call the API and handle any network failures.
    try {
        /** @var TestIamPermissionsResponse $response */
        $response = $ekmServiceClient->testIamPermissions($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $permissionsElement = '[PERMISSIONS]';

    test_iam_permissions_sample($resource, $permissionsElement);
}

createEkmConnectionAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\CreateEkmConnectionRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\EkmConnection>

getEkmConfigAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\GetEkmConfigRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\EkmConfig>

getEkmConnectionAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\GetEkmConnectionRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\EkmConnection>

listEkmConnectionsAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\ListEkmConnectionsRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\ApiCore\PagedListResponse>

updateEkmConfigAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\UpdateEkmConfigRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\EkmConfig>

updateEkmConnectionAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\UpdateEkmConnectionRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\EkmConnection>

verifyConnectivityAsync

Parameters
Name Description
request Google\Cloud\Kms\V1\VerifyConnectivityRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Kms\V1\VerifyConnectivityResponse>

getLocationAsync

Parameters
Name Description
request Google\Cloud\Location\GetLocationRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Location\Location>

listLocationsAsync

Parameters
Name Description
request Google\Cloud\Location\ListLocationsRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\ApiCore\PagedListResponse>

getIamPolicyAsync

Parameters
Name Description
request Google\Cloud\Iam\V1\GetIamPolicyRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Iam\V1\Policy>

setIamPolicyAsync

Parameters
Name Description
request Google\Cloud\Iam\V1\SetIamPolicyRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Iam\V1\Policy>

testIamPermissionsAsync

Parameters
Name Description
request Google\Cloud\Iam\V1\TestIamPermissionsRequest
optionalArgs array
Returns
Type Description
GuzzleHttp\Promise\PromiseInterface<Google\Cloud\Iam\V1\TestIamPermissionsResponse>

static::ekmConfigName

Formats a string containing the fully-qualified path to represent a ekm_config resource.

Parameters
Name Description
project string
location string
Returns
Type Description
string The formatted ekm_config resource.

static::ekmConnectionName

Formats a string containing the fully-qualified path to represent a ekm_connection resource.

Parameters
Name Description
project string
location string
ekmConnection string
Returns
Type Description
string The formatted ekm_connection resource.

static::locationName

Formats a string containing the fully-qualified path to represent a location resource.

Parameters
Name Description
project string
location string
Returns
Type Description
string The formatted location resource.

static::serviceName

Formats a string containing the fully-qualified path to represent a service resource.

Parameters
Name Description
project string
location string
namespace string
service string
Returns
Type Description
string The formatted service resource.

static::parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • ekmConfig: projects/{project}/locations/{location}/ekmConfig
  • ekmConnection: projects/{project}/locations/{location}/ekmConnections/{ekm_connection}
  • location: projects/{project}/locations/{location}
  • service: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
Name Description
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
Type Description
array An associative array from name component IDs to component values.